I'm a sysadmin for Sentry Data Systems. I do Linux and clustering and networking, and enjoy instigating a good STONITH deathmatch when I get bored.

Work-wise, I'm a giant fan of the k.I.s.s. principle - keep I.T. simple, stupid. Don't make things any more complex than the features you need.

In my spare time, I renovate houses and ride herd on a pack of dogs with extreme mental issues. My background and career are both in systems. I look at systems, analyze them, and use them or make them better. I like DIY home stuff because the systems are simple and it's rewarding to figure 'em out and use them. How do I know the things I do? I have probably been there, broken that, ruined the other thing, and had to figure out how to fix all of them. We have this saying in my group of friends-who-renovate-houses: "Ask me how I know."

84 Comments

How to set up Cobbler with Puppet or Cfengine?

Our deal-killer with Puppet is the lack of a zypper interface. I don't have the time to sit down and learn Ruby in order to develop one and provide tests against it, even if it'd be in my long-term best interest.

Aug10

Network cabling Tips

Bryan, that's what consultants are for! Get one in to teach y'all what variables to take into account. Some of them are highly variable and will depend on the length of the runs you're dealing with...

Aug10

Tool to assist loading servers into a rack?

They also make ones that are operated by cranks; we have one and it's been invaluable. Just make sure your rack is level (or at least is even with the table of the lift) before you try to mate a 200 lbs unit with its rails, which are invariably built with the most delicate plastic and pot-metal components known to man. (I'm looking at YOU, Sun Microsystems!)

Network cabling Tips

What mhud said. There are a myriad of ways to do this, and if you aren't licensed in low-voltage wiring in your locality and don't have experience doing it, you probably shouldn't be doing the nuts and bolts without professional guidance.

Is packet sniffing for passwords on a fully switched network really a concern?

In addition, think about how many network ports there are in insecure or questionably secure areas. One of my past employers had half a dozen in an unmonitored, insecure elevator lobby. Even if the port's secure, think about who else is in the building -- janitors, service techs, etc. -- and remember that social engineering is one of the easiest vectors to bypass physical security.

Aug10

Poor internal database - replace it or chuck hardware at it?

Joseph, I replied below in full, but -- New hardware, plus upgrading to more recent server editions, PLUS optimizing some of the queries and adding indexes will probably be most effective. You don't want to give away the competitive advantage that custom CRMs give to small, growing businesses.

Aug10

OpenVPN and UDP broadcasts

Removed "belongs-on-superuser" tag -- this is a networking question with a VPN server, and belongs here.

Reasons to not allow people into the server room

A vendor was allowed into a machine room alone to service the (secondary) wet fire suppression system, which involves flushing pipes and other various plumbing tasks. First step: Bypass should be engaged, but under no circumstances should you trigger the charging circuit to effect the flush, because it will blow the ungodly huge fuse that cuts power to the server room before everything gets wet. Guess what the vendor did? All vendors must now have an escort. That's LITERALLY a wetware problem...

SELinux preventing passwordless SSH login

What distribution are you on? Why don't you create a folder for it elsewhere (i.e. under /home, /opt, /srv, which may or may not be restricted depending on your SELinux config) instead of under /var?

Aug5

What is a good solution for an intranet video portal (YouTube-like) site?

Yep, but we have $100k in server equipment and licenses plus several years of developer time. At that cost point, bandwidth becomes cheap. The poor man's alternative would be to just drop files in file shares and let users download and view them -- but since the O.P. wanted a web-based solution that allows users to submit content, a file share doesn't answer the stated question. My point was that the only thing that may fit the price point between "poor man" and "youtube" is outsourcing.

Novell Xen cloud

If you're anything like me, your 'test setups' tend to hit production. We've seen a huge performance hit as we scaled up on nodes mounting the ocfs2 volume. Note also that expanding the number of nodes that can mount ocfs2 means that you have to shut everything down, unmount the volume, and use tunefs.ocfs2 to expand the number of journals. LVM, and especially cLVM, is very easy to use, is much faster, and I prefer it greatly over ocfs2.